<?php
header("Content-type:text/html;charset=utf-8");
//登录
if(!isset($_POST['submit'])){
	exit('非法访问!');
}
$username = htmlspecialchars($_POST['LOGINNAME']);
$password = MD5($_POST['LOGINPWORD']);

//包含数据库连接文件
@include_once 'conn/DbConn.class.php';
@include_once '../conn/DbConn.class.php'; 
//检测用户名及密码是否正确
$check_query = mysql_query("select UID from t_userlogin where LOGINNAME='$username' and LOGINPWORD='$password' limit 1");
if($result = mysql_fetch_array($check_query)){
	//登录成功
	session_start();
	$_SESSION['LOGINNAME'] = $username;
	$_SESSION['UID'] = $result['userid'];
	echo $username,' 欢迎你！进入 <a href="my.php">用户中心</a><br />';
	echo '点击此处 <a href="login.php?action=logout">注销</a> 登录！<br />';
	exit;
} else {
	exit('登录失败！点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');
}

//注销登录
if($_GET['action'] == "logout"){
	unset($_SESSION['userid']);
	unset($_SESSION['username']);
	echo '注销登录成功！点击此处 <a href="login.html">登录</a>';
	exit;
}